Cyberattacks have become an unavoidable part of the technology landscape in recent years, with attacks like ransomware, phishing, and whaling reaching an all-time high. According to IBM’s Cost of a Data Breach Report 2022, the average cost of a ransomware attack is $4.54 million and the average cost of a breach in the US alone is $9.44 million. Cyber insurance is important in these instances because it helps cover the financial losses incurred.
Organizations of all sizes that store, process, or transmit credit card data must comply with PCI DSS (Payment Card Industry Data Security Standard). The PCI standard’s 12 principal requirements can prove challenging for organizations to achieve and maintain, especially those in the highly regulated financial industry. An upcoming PCI compliance audit may be cause for concern for many organizations, which are left scrambling to ensure their cybersecurity practices are up to scratch.
With companies in virtually every industry facing persistent and increasing cyber security threats, federal regulators are taking steps to protect customers and investors. In March, the SEC proposed new cyber security transparency rules that would require publicly traded companies to disclose, among other things, the cyber security expertise—or lack thereof—among their board members. This is despite the evidence that it is a recognized risk within businesses.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection, see our Twitter feed at #ionCube24. Quantum cryptography is seen as the way forward to protect all sorts of transactions. The standard has yet to be set and luckily one of the competing methods has just been broken.
Most cyber threats — like credential stuffing and card cracking — are committed by fraudsters with the aim of stealing money, data, or both. The law is clear on these cyberattacks: online fraud is illegal. But unlike these overtly malicious threats, web scraping isn’t always illegal, or even unethical. Aggregator sites like travel agencies and price comparison websites use scraper bots to help customers find the best deals.
Identity and Access Management or Identity Access Management (IAM) is a critical security function for organizations of all sizes for privileged access management. By managing access to systems and data, IAM can help mitigate the risk of information breaches and protect the organization's most valuable assets through IAM technologies.
Securely storing passwords is made easy by using a password manager. A password manager allows you to store all your passwords in one place, while only having to remember one password to secure all your accounts.
Alan Hannan is a member of the Netskope Network Visionaries advisory group. The cloud often seems like a black box for many corporate networking and security professionals. They have expertise in optimizing their internal network. Still, once they offload their traffic to the cloud, they figure they’re handing off optimization to the software-as-a-service (SaaS) provider.